Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/efc9284f-892f-41da-98b0-a8e5a9c12d07.roa
File:                     efc9284f-892f-41da-98b0-a8e5a9c12d07.roa (raw, json)
Hash identifier:          vso+0kvjzfGEWphCQa4BX+Yf5PqOD1LHhlN/3Y2EEMQ=
Subject key identifier:   0F:E6:EB:D7:6D:61:CF:4F:66:B8:8F:BB:97:74:FB:55:2E:AA:DF:5C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1100A3977F70F2FADE73ACF6E6B07529F00DA426
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/efc9284f-892f-41da-98b0-a8e5a9c12d07.roa
Signing time:             Mon 20 Oct 2025 07:32:37 +0000
ROA not before:           Mon 20 Oct 2025 07:32:37 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:00:a3:97:7f:70:f2:fa:de:73:ac:f6:e6:b0:75:29:f0:0d:a4:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 07:32:37 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=0b2eeab359b044f432b44700cb3e10ed14669d845c9515a7bbe7de45715c7f43, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fd:fa:90:47:41:85:dd:ed:39:17:09:59:ab:
                    71:21:05:71:e7:4e:c0:b4:94:0d:50:e5:75:75:c6:
                    e2:e3:97:c8:a0:86:67:b3:22:c1:da:53:af:a7:74:
                    79:f3:54:d4:6b:3f:87:d3:83:74:31:b3:cf:72:82:
                    78:36:14:5e:db:72:10:c8:81:e7:48:32:63:b4:23:
                    62:09:f6:e6:27:07:7d:80:21:e6:b1:fc:0e:a1:bb:
                    93:eb:d0:5e:47:be:f5:65:26:16:08:f2:dc:54:12:
                    d4:b3:a2:40:60:0b:a8:58:0a:04:51:27:8b:b2:6e:
                    6f:a7:af:c6:3c:a5:6d:2f:de:ab:65:a3:9e:fd:ca:
                    4f:7b:d1:ff:e5:11:b5:e0:7f:14:5c:6d:ad:95:cc:
                    46:03:25:c0:3c:8d:2b:01:57:88:0c:4c:d9:7a:cc:
                    8e:81:7c:f1:93:c9:29:0a:c1:ea:25:f9:d0:8f:43:
                    3c:6a:60:2d:0b:9f:d1:bd:e3:2d:a3:d8:a9:85:9f:
                    8b:d8:67:25:5a:06:9e:db:5f:4a:b4:5b:cc:9c:1f:
                    f0:86:89:30:66:1c:4d:5b:cf:84:6f:17:6f:8f:a1:
                    db:a3:a4:cb:db:a1:0b:09:93:18:a8:b5:1d:14:b0:
                    94:6d:15:bc:f9:3e:46:4f:bb:a1:86:ce:3c:13:4e:
                    f6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:E6:EB:D7:6D:61:CF:4F:66:B8:8F:BB:97:74:FB:55:2E:AA:DF:5C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/efc9284f-892f-41da-98b0-a8e5a9c12d07.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f8:be:94:6f:39:ea:6c:cb:ab:b1:09:f5:ad:35:f4:5d:67:
         9a:1b:1f:0e:79:66:e1:6d:bb:3b:11:27:17:04:8c:8e:e1:86:
         08:a2:29:dc:62:96:24:0c:d8:96:0b:b7:50:6a:9c:7b:88:99:
         25:05:19:07:ef:ee:5f:04:26:82:04:d4:b1:c4:20:2a:a1:b2:
         9f:1f:9b:c2:0a:08:ad:cd:68:23:7b:60:ac:43:49:1d:c0:4c:
         a8:2b:1f:0c:f9:e6:d5:01:c1:59:35:a6:c5:4f:22:38:9c:27:
         38:9e:29:58:e5:8b:f9:92:4e:09:fc:47:0d:ff:53:cf:db:06:
         5d:17:17:cd:c4:17:af:7f:e9:0c:c3:a6:3b:8a:65:f5:a9:99:
         58:b7:a2:84:6a:c1:2d:57:c0:f0:ec:0f:f4:25:e5:1f:3e:73:
         55:a6:bb:1c:8a:df:41:a4:7e:18:ff:61:35:c0:80:0d:57:ef:
         3d:e1:4e:b7:fe:ba:e0:67:bd:2e:e2:a4:a4:f5:e2:21:64:d6:
         68:10:81:0e:31:ff:1a:6b:9e:b6:68:19:c1:57:24:2f:80:b8:
         97:9d:8e:09:28:29:b0:a7:15:60:7a:2d:90:e8:02:49:55:d0:
         5b:5d:94:df:6b:b3:e2:0c:fc:83:8a:06:cf:17:b8:2d:c2:5d:
         b5:6a:4a:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEQCjl39w8vrec6z25rB1KfANpCYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMDczMjM3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjJlZWFiMzU5YjA0NGY0MzJiNDQ3MDBjYjNlMTBlZDE0
NjY5ZDg0NWM5NTE1YTdiYmU3ZGU0NTcxNWM3ZjQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB/fqQR0GF3e05FwlZq3EhBXHnTsC0lA1Q5XV1xuLjl8ig
hmezIsHaU6+ndHnzVNRrP4fTg3Qxs89ygng2FF7bchDIgedIMmO0I2IJ9uYnB32A
Ieax/A6hu5Pr0F5HvvVlJhYI8txUEtSzokBgC6hYCgRRJ4uybm+nr8Y8pW0v3qtl
o579yk970f/lEbXgfxRcba2VzEYDJcA8jSsBV4gMTNl6zI6BfPGTySkKweol+dCP
QzxqYC0Ln9G94y2j2KmFn4vYZyVaBp7bX0q0W8ycH/CGiTBmHE1bz4RvF2+Poduj
pMvboQsJkxiotR0UsJRtFbz5PkZPu6GGzjwTTvbTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD+br121hz09muI+7l3T7VS6q31wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VmYzkyODRmLTg5MmYtNDFkYS05OGIwLWE4ZTVhOWMxMmQwNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpcUwDQYJKoZIhvcNAQELBQADggEBAFv4vpRvOepsy6uxCfWtNfRdZ5ob
Hw55ZuFtuzsRJxcEjI7hhgiiKdxiliQM2JYLt1BqnHuImSUFGQfv7l8EJoIE1LHE
ICqhsp8fm8IKCK3NaCN7YKxDSR3ATKgrHwz55tUBwVk1psVPIjicJzieKVjli/mS
Tgn8Rw3/U8/bBl0XF83EF69/6QzDpjuKZfWpmVi3ooRqwS1XwPDsD/Ql5R8+c1Wm
uxyK30Gkfhj/YTXAgA1X7z3hTrf+uuBnvS7ipKT14iFk1mgQgQ4x/xprnrZoGcFX
JC+AuJedjgkoKbCnFWB6LZDoAklV0FtdlN9rs+IM/IOKBs8XuC3CXbVqSr4=
-----END CERTIFICATE-----